trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.exercise.security.principal;

 import java.security.Principal;
 import javax.jcr.RepositoryException;

 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.oak.exercise.security.user.L3_UserVsPrincipalTest;
 import org.apache.jackrabbit.test.AbstractJCRTest;

 /**
  * <pre>
  * Module: Principal Management
  * =============================================================================
  *
  * Title: Everyone Test
  * -----------------------------------------------------------------------------
  *
  * Goal:
  * Understand the role of the {@link org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal}
  *
  * Exercises:
  *
  * - {@link #testEveryoneExists()}
  *   Test to illustrate the that everyone principal always exists and always is
  *   an instanceof {@link org.apache.jackrabbit.api.security.principal.GroupPrincipal} even if
  *   there is no corresponding authorizable.
  *   Discuss the meaning of the everyone principal and why having a corresponding authorizable is optional.
  *   Note the difference between GroupPrincipal and org.apache.jackrabbit.api.security.user.Group.
  *
  * - {@link #testEveryoneName()}
  *   Test to illustrate that the name of the everyone principal is constant.
  *   Complete the test case by typing the expected name.
  *
  * - {@link #testAccessByName()}
  *   Even though there exists a dedicated method to retrieve the everyone principal
  *   you can equally access it by name.
  *   Use the principal management API to retrieve the everyone principal by name.
  *   Discuss the drawback of this approach in an environment where you don't have access to the Oak constants.
  *
  * - {@link #testEveryoneIsMemberofEveryone()}
  *   Test case illustrating the dynamic nature of the everyone principal.
  *   Walk through the test
  *   Try to extend the test such that the default principal management exposes additional user|group principals.
  *
  * - {@link #testEveryoneAsAuthorizableGroup()}
  *   Additional test illustrating that the dynamic nature of the everyone principal
  *   does not change if there exists a corresponding authorizable group.
  *   > Create a new authorizable that corresponds to the everyone principal (Q: what parameters are constants?)
  *   > Verify that principal exposed by the authorizable corresponds to the everyone principal.
  *   > Assert that the dynamic nature of the principal has not changed.
  *   > Test if the dynamic nature also applies to the authorizable
  *
  *
  * Additional Exercises:
  * -----------------------------------------------------------------------------
  *
  * The following exercises can easily be performed in a Sling based repository
  * installation (e.g. Granite|CQ) with the same setup as in this test class.
  *
  * - Test if there exists an everyone authorizable group.
  *   If this is the case try what happens if you remove that authorizable and discuss the consequences.
  *   Question: Can you explain why it exists?
  *
  * </pre>
  *
  * @see L3_UserVsPrincipalTest
  */
 public class L3_EveryoneTest extends AbstractJCRTest {

     private PrincipalManager principalManager;

     @Override
     protected void setUp() throws Exception {
         super.setUp();

         principalManager = ((JackrabbitSession) superuser).getPrincipalManager();
     }

     @Override
     protected void tearDown() throws Exception {
         super.tearDown();
     }

     public void testEveryoneExists() throws RepositoryException {
         Principal everyone = principalManager.getEveryone();

         assertNotNull(everyone);
         assertTrue(everyone instanceof GroupPrincipal);

         Authorizable everyoneAuthorizable = ((JackrabbitSession) superuser).getUserManager().getAuthorizable(everyone);
         assertNull(everyoneAuthorizable);
     }

     public void testEveryoneName() throws RepositoryException {
         Principal everyone = principalManager.getEveryone();

         String expectedName = null; // EXERCISE type the expected authorizable name using constants defined by oak.
         assertEquals(expectedName, everyone.getName());
     }

     public void testAccessByName() throws RepositoryException {
         Principal everyone = principalManager.getEveryone();

         assertTrue(principalManager.hasPrincipal(everyone.getName()));

         Principal everyoneByName = null; // EXERCISE: retrieve the everyone principal by name
         assertEquals(everyone, everyoneByName);
     }

     public void testEveryoneIsMemberofEveryone() throws RepositoryException {
         GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone();
         PrincipalIterator it = principalManager.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL);

         // EXERCISE: discuss the dynamic nature of the everyone group principal
         while (it.hasNext()) {
             Principal principal = it.nextPrincipal();
             if (everyone.equals(principal)) {
                 assertFalse(everyone.isMember(principal));
             } else {
                 assertTrue(everyone.isMember(principal));
             }
         }
     }

     public void testEveryoneAsAuthorizableGroup() throws RepositoryException {
         // EXERCISE: create an authorizable that corresponds to the everyone principal.
         org.apache.jackrabbit.api.security.user.Group everyoneAuthorizable = null;
         superuser.save();

         try {
             GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone();

             assertEquals(everyone, everyoneAuthorizable.getPrincipal());

             // EXERCISE: verify that the everyone principal is still a dynamic group
             // EXERCISE: test if the dyanmic nature also applies to the authorizable
         } finally {
             if (everyoneAuthorizable != null) {
                 everyoneAuthorizable.remove();
                 superuser.save();
             }
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.exercise.security.principal;

	import java.security.Principal;
	import javax.jcr.RepositoryException;

	import org.apache.jackrabbit.api.JackrabbitSession;
	import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
	import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
	import org.apache.jackrabbit.api.security.principal.PrincipalManager;
	import org.apache.jackrabbit.api.security.user.Authorizable;
	import org.apache.jackrabbit.oak.exercise.security.user.L3_UserVsPrincipalTest;
	import org.apache.jackrabbit.test.AbstractJCRTest;

	/**
	* <pre>
	* Module: Principal Management
	* =============================================================================
	*
	* Title: Everyone Test
	* -----------------------------------------------------------------------------
	*
	* Goal:
	* Understand the role of the {@link org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal}
	*
	* Exercises:
	*
	* - {@link #testEveryoneExists()}
	* Test to illustrate the that everyone principal always exists and always is
	* an instanceof {@link org.apache.jackrabbit.api.security.principal.GroupPrincipal} even if
	* there is no corresponding authorizable.
	* Discuss the meaning of the everyone principal and why having a corresponding authorizable is optional.
	* Note the difference between GroupPrincipal and org.apache.jackrabbit.api.security.user.Group.
	*
	* - {@link #testEveryoneName()}
	* Test to illustrate that the name of the everyone principal is constant.
	* Complete the test case by typing the expected name.
	*
	* - {@link #testAccessByName()}
	* Even though there exists a dedicated method to retrieve the everyone principal
	* you can equally access it by name.
	* Use the principal management API to retrieve the everyone principal by name.
	* Discuss the drawback of this approach in an environment where you don't have access to the Oak constants.
	*
	* - {@link #testEveryoneIsMemberofEveryone()}
	* Test case illustrating the dynamic nature of the everyone principal.
	* Walk through the test
	* Try to extend the test such that the default principal management exposes additional user\|group principals.
	*
	* - {@link #testEveryoneAsAuthorizableGroup()}
	* Additional test illustrating that the dynamic nature of the everyone principal
	* does not change if there exists a corresponding authorizable group.
	* > Create a new authorizable that corresponds to the everyone principal (Q: what parameters are constants?)
	* > Verify that principal exposed by the authorizable corresponds to the everyone principal.
	* > Assert that the dynamic nature of the principal has not changed.
	* > Test if the dynamic nature also applies to the authorizable
	*
	*
	* Additional Exercises:
	* -----------------------------------------------------------------------------
	*
	* The following exercises can easily be performed in a Sling based repository
	* installation (e.g. Granite\|CQ) with the same setup as in this test class.
	*
	* - Test if there exists an everyone authorizable group.
	* If this is the case try what happens if you remove that authorizable and discuss the consequences.
	* Question: Can you explain why it exists?
	*
	* </pre>
	*
	* @see L3_UserVsPrincipalTest
	*/
	public class L3_EveryoneTest extends AbstractJCRTest {

	private PrincipalManager principalManager;

	@Override
	protected void setUp() throws Exception {
	super.setUp();

	principalManager = ((JackrabbitSession) superuser).getPrincipalManager();
	}

	@Override
	protected void tearDown() throws Exception {
	super.tearDown();
	}

	public void testEveryoneExists() throws RepositoryException {
	Principal everyone = principalManager.getEveryone();

	assertNotNull(everyone);
	assertTrue(everyone instanceof GroupPrincipal);

	Authorizable everyoneAuthorizable = ((JackrabbitSession) superuser).getUserManager().getAuthorizable(everyone);
	assertNull(everyoneAuthorizable);
	}

	public void testEveryoneName() throws RepositoryException {
	Principal everyone = principalManager.getEveryone();

	String expectedName = null; // EXERCISE type the expected authorizable name using constants defined by oak.
	assertEquals(expectedName, everyone.getName());
	}

	public void testAccessByName() throws RepositoryException {
	Principal everyone = principalManager.getEveryone();

	assertTrue(principalManager.hasPrincipal(everyone.getName()));

	Principal everyoneByName = null; // EXERCISE: retrieve the everyone principal by name
	assertEquals(everyone, everyoneByName);
	}

	public void testEveryoneIsMemberofEveryone() throws RepositoryException {
	GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone();
	PrincipalIterator it = principalManager.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL);

	// EXERCISE: discuss the dynamic nature of the everyone group principal
	while (it.hasNext()) {
	Principal principal = it.nextPrincipal();
	if (everyone.equals(principal)) {
	assertFalse(everyone.isMember(principal));
	} else {
	assertTrue(everyone.isMember(principal));
	}
	}
	}

	public void testEveryoneAsAuthorizableGroup() throws RepositoryException {
	// EXERCISE: create an authorizable that corresponds to the everyone principal.
	org.apache.jackrabbit.api.security.user.Group everyoneAuthorizable = null;
	superuser.save();

	try {
	GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone();

	assertEquals(everyone, everyoneAuthorizable.getPrincipal());

	// EXERCISE: verify that the everyone principal is still a dynamic group
	// EXERCISE: test if the dyanmic nature also applies to the authorizable
	} finally {
	if (everyoneAuthorizable != null) {
	everyoneAuthorizable.remove();
	superuser.save();
	}
	}
	}
	}